{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-21861/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-21861"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-21861","command-injection","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ebaserCMS, a website development framework, is susceptible to an OS command injection vulnerability (CVE-2026-21861) in versions prior to 5.2.3. This flaw resides within the core update functionality, where user-controlled input is directly passed to the \u003ccode\u003eexec()\u003c/code\u003e function without proper sanitization or validation. A successful exploit allows an authenticated administrator to execute arbitrary operating system commands on the underlying server. The vulnerability was reported on March 30, 2026…\u003c/p\u003e\n","date_modified":"2026-03-31T01:19:59Z","date_published":"2026-03-31T01:19:59Z","id":"/briefs/2026-04-basercms-command-injection/","summary":"baserCMS versions prior to 5.2.3 are vulnerable to OS command injection, allowing an authenticated administrator to execute arbitrary commands on the server via maliciously crafted input to the core update functionality.","title":"baserCMS OS Command Injection Vulnerability (CVE-2026-21861)","url":"https://feed.craftedsignal.io/briefs/2026-04-basercms-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-21861","version":"https://jsonfeed.org/version/1.1"}